NetFilter connection tracking connection

From: David Armstrong (stretch@flat24.org)
Date: Wed Aug 28 2002 - 15:58:27 EST


Hi,

Is there any (simple) way, from userland, to tell the Linux kernel to
delete an active connection from the connection tracking list?

Example, say I have a NAT box running Linux, internal IP 192.168.16.1,
external 1.2.3.4. I have a machine on the private network with an
active connection:

(cat /proc/net/ip_conntrack)

tcp 6 431998 ESTABLISHED src=192.168.17.16 dst=64.28.67.150
sport=32879 dport=80 src=64.28.67.150 dst=217.XXX.YYY.ZZZ sport=80
dport=32879 [ASSURED] use=1

So I want to tell the kernel to forget about the above connection, such
that any further packets either upstream or downstream will simply get
dropped.

Can this be achieved using existing utilities/kernel features?

cheers,
David.
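As an added illustration, not part of David's post: a small Python parser for the /proc/net/ip_conntrack line format quoted above, which splits each entry into its original-direction and reply-direction tuples so that one specific connection can be picked out of the table before acting on it. All names are my own; the sample entry is the one from the post, joined back onto the single line the kernel prints.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the entry quoted in the post, re-joined onto one line
# (mail wrapping split it); the masked external address is kept as written.
SAMPLE_CONNTRACK = (
    "tcp 6 431998 ESTABLISHED src=192.168.17.16 dst=64.28.67.150 "
    "sport=32879 dport=80 src=64.28.67.150 dst=217.XXX.YYY.ZZZ sport=80 "
    "dport=32879 [ASSURED] use=1"
)

@dataclass
class ConntrackEntry:
    proto: str
    timeout: int                 # seconds until the kernel expires the entry
    state: Optional[str]         # TCP state; absent for stateless protocols
    orig: Dict[str, str]         # tuple as sent by the inside host
    reply: Dict[str, str]        # tuple the box expects back from outside
    flags: List[str] = field(default_factory=list)   # e.g. ASSURED, UNREPLIED
    use: int = 0

def parse_entry(line: str) -> ConntrackEntry:
    tokens = line.split()
    proto, timeout = tokens[0], int(tokens[2])      # tokens[1] is the proto number
    rest = tokens[3:]
    state = None
    if rest and "=" not in rest[0] and not rest[0].startswith("["):
        state = rest.pop(0)
    orig, reply, flags, use = {}, {}, [], 0
    for tok in rest:
        if tok.startswith("[") and tok.endswith("]"):
            flags.append(tok[1:-1])
            continue
        key, _, value = tok.partition("=")
        if key == "use":
            use = int(value)
        elif key in ("src", "dst", "sport", "dport"):
            # the first occurrence of each key is the original direction,
            # the second is the reply direction
            (orig if key not in orig else reply)[key] = value
    return ConntrackEntry(proto, timeout, state, orig, reply, flags, use)

def find_entries(table: str, **match: str) -> List[ConntrackEntry]:
    """Return entries whose protocol or original tuple matches every given field."""
    entries = [parse_entry(ln) for ln in table.splitlines() if ln.strip()]
    return [e for e in entries
            if all({"proto": e.proto, **e.orig}.get(k) == v for k, v in match.items())]
```

Feeding it the contents of /proc/net/ip_conntrack and calling find_entries(table, src="192.168.17.16", dport="80") returns exactly the connection the post describes, which is the selection step any deletion mechanism would need first.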

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html



This archive was generated by hypermail 2b29 : Sat Aug 31 2002 - 22:00:01 EST